[cfe-commits] r165815 - /cfe/trunk/tools/scan-view/ScanView.py
Ted Kremenek
kremenek at apple.com
Fri Oct 12 12:16:31 PDT 2012
Author: kremenek
Date: Fri Oct 12 14:16:31 2012
New Revision: 165815
URL: http://llvm.org/viewvc/llvm-project?rev=165815&view=rev
Log:
Have scan-view guard against serving up pages outside the root directory.
Modified:
cfe/trunk/tools/scan-view/ScanView.py
Modified: cfe/trunk/tools/scan-view/ScanView.py
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/scan-view/ScanView.py?rev=165815&r1=165814&r2=165815&view=diff
==============================================================================
--- cfe/trunk/tools/scan-view/ScanView.py (original)
+++ cfe/trunk/tools/scan-view/ScanView.py Fri Oct 12 14:16:31 2012
@@ -707,6 +707,11 @@
return None
def send_path(self, path):
+ # If the requested path is outside the root directory, do not open it
+ rel = os.path.relpath(path, self.server.root)
+ if rel.startswith(os.pardir + os.sep):
+ return self.send_404()
+
ctype = self.guess_type(path)
if ctype.startswith('text/'):
# Patch file instead
More information about the cfe-commits
mailing list